General
Target: 36feec8591e2042988c8aa54915033a939b921aaccabce600851ac0f3fe10e0d
Size: 697KB
Sample: 230328-nlh88aaf79
MD5: 91980bc614159d01ea3ccf1e3d6c4ead
SHA1: 496309c4e3a32e7826713ec48e88835a921cad16
SHA256: 36feec8591e2042988c8aa54915033a939b921aaccabce600851ac0f3fe10e0d
SHA512: 360c3ac7ec1ded671729f6536c0960dc3c2136b54c1da7412ff9674957297eaab71181482301f0fd110e475e72e9ab8cdfbc3d31743ce4b8f5271ee147ddd1ba
SSDEEP: 12288:AMrOy90j3nbo+APWjVawBK27gFvnaQtimLVPyL6G5GjdAxI9gtzb3T2tNqQC:+yi3b1rawBK3vaQtirXGjOI94n3TgNqt
Static task: static1
Behavioral task: behavioral1
Sample: 36feec8591e2042988c8aa54915033a939b921aaccabce600851ac0f3fe10e0d.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 36feec8591e2042988c8aa54915033a939b921aaccabce600851ac0f3fe10e0d
Size: 697KB
MD5: 91980bc614159d01ea3ccf1e3d6c4ead
SHA1: 496309c4e3a32e7826713ec48e88835a921cad16
SHA256: 36feec8591e2042988c8aa54915033a939b921aaccabce600851ac0f3fe10e0d
SHA512: 360c3ac7ec1ded671729f6536c0960dc3c2136b54c1da7412ff9674957297eaab71181482301f0fd110e475e72e9ab8cdfbc3d31743ce4b8f5271ee147ddd1ba
SSDEEP: 12288:AMrOy90j3nbo+APWjVawBK27gFvnaQtimLVPyL6G5GjdAxI9gtzb3T2tNqQC:+yi3b1rawBK3vaQtirXGjOI94n3TgNqt
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.